Applies to BloodHound Enterprise and CE

Zones define hierarchical privilege levels in your environment based on a tiered administration model. The most common tiering model is Microsoft’s Enterprise Access Model. BloodHound uses zones to measure risk and detect violations. Each zone has a specific tier level (Tier Zero is the default and highest).
BloodHound Enterprise customers can create additional zones to match their organization’s security model. However, analyzing them requires the Privilege Zone Analysis feature (available for purchase). For more information, contact your sales representative.
The tab provides different views depending on which edition of BloodHound you’re using. The Summary View is available in BloodHound Enterprise only, while the Details View is available in both BloodHound Enterprise and BloodHound Community Edition.
The Summary View shows zone names and their hierarchy relative to other zones (the top zone is most critical), rule counts, and object counts.

Create a zone

Enterprise Edition

Creating a zone involves configuring the zone details and defining a rule.
See Rules for more detailed information about defining rules. The content in this section provides a high-level overview only.
1. Open the Zone Builder page

In the left menu, click Privilege Zones > Zones > Create Zone.
2. Configure initial zone details

Enter all relevant information about the zone:
Field | Required? | Description
Name | Yes | A unique name for the zone (e.g., Server Tier)
Description | No | A brief description of the zone’s purpose and scope (e.g., PCI assets)
Enable Certification | No | An option to mandate certification for all objects within this zone
Enable Analysis | No | An option to include this zone in risk analysis and Attack Path Findings
Apply Custom Glyph | No | An option to apply a custom glyph to visually distinguish objects within this zone on the Explore page
3. Define a rule

Click Define Rule to save your new Privilege Zone and continue on to define the objects to include in the zone.
See Rules for more detailed information about defining rules. The content in this section provides a high-level overview only.
When defining a rule during the zone creation process, provide the following information:
Field | Required? | Description
Name | Yes | A unique name for the rule (e.g., PCI Assets)
Description | No | A brief description of the rule’s purpose and scope (e.g., PCI assets)
Rule Type | Yes | The type of rule to use (e.g., Object ID or Cypher)
Automatic Certification | No | An option to choose how BloodHound Enterprise certifies new objects
4. Complete zone creation

Click Save to finish creating the zone.

Edit a zone

Editing options depend on which edition of BloodHound you’re using. In BloodHound Enterprise, you can edit all zone properties. In BloodHound Community Edition, you can edit the default Tier Zero zone description. To edit a zone, follow these steps:
1. Select a zone

  1. In the left menu, click Privilege Zones.
  2. By default, the Tier Zero zone is pre-selected. To edit a different zone in BloodHound Enterprise, select the zone you want to edit.
    Tier Zero is the only available zone for BloodHound Community Edition.
  3. Click Edit Zone.
2. Edit the zone

Modify one of the available fields. For example, you can modify the zone’s name, description, certification and analysis settings, and custom glyph.
In BloodHound Community Edition, you can edit the default Tier Zero zone description only.
You can also change the zone’s hierarchical position by using the (vertical grip control) in the Zone Order panel to reorder it. Zone order is defined by privilege level, with the highest-privileged zone at the top.
3. Save your changes

Click Save Edits to apply your changes.

Delete a zone

Enterprise Edition

You cannot delete the default Tier Zero zone, but you can edit its properties. See Modify Tier Zero for more information.
Deleting a is irreversible.
To delete an existing zone, follow these steps:
1. Select a zone

Navigate to the Zones tab, select the zone you want to delete, and click Edit Zone.
2. Delete the zone

To delete the zone:
  1. Click Delete Zone at the top of the page.
  2. Confirm your action in the dialog.
  3. Click Confirm to delete the zone.
Zone deletion is not available in BloodHound Community Edition.